<?PHP
/*
 * phpMyAuth
 * Jason Gerfen [hide@address.com]
 *
 * class.sso.php - Handle remote SSO application commands
 */

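class ssoHandler
{

 /*
  * Return codes the calling application can act on
  *
  * 0x10000 = Empty $token &/or $data variables
  * 0x20000 = Decoded token array length signifying invalid/spoofed token
  * 0x30000 = Database query error
  * 0x40000 = Record added for user, group
  * 0x50000 = Record edited for user, group
  * 0x60000 = Record deleted for user, group
  * 0x00000 = User/Group access is prohibited
  * 0x01000 = Group is allowed read access
  * 0x00100 = Group is allowed write access
  * 0x01100 = Group is allowed read/write access
  * 0x00010 = User is allowed read access
  * 0x00001 = User is allowed write access
  * 0x00011 = User is allowed read/write access
  * 0x01111 = User/Group is allowed read/write access
  *
  * NOTE(review): EditResource() and DeleteResource() report success as
  * 0x40000, not the 0x50000/0x60000 listed above. Left unchanged because
  * callers may already match on 0x40000; change the table and the callers
  * together if the distinction is wanted.
  *
  * SECURITY (review): every statement in this class is assembled by string
  * concatenation from $data (the caller-supplied resource name) and from
  * fields of the decoded token, and only the finished statement is handed
  * to $handles['val']->ValidateSQL(). Whatever that helper does, it sees
  * data and SQL syntax already mixed together, so it cannot reliably tell
  * them apart; the real fix is per-value escaping or a prepared-statement
  * API on the db handler, neither of which is visible from this file.
  * The only token check made here is the field count (at least 10);
  * whether DecodeAuthTokenHeavy() verifies the token's integrity cannot be
  * determined from this file. AddResource()/EditResource() grant read/write
  * to the token's own user and group for any resource name, and their
  * UPDATE rewrites `owner` to the caller, with no further authorisation.
  */

 // Decode $token and apply the sanity check every entry point used: the
 // decoded value must be an array carrying at least 10 fields. Returns the
 // decoded array, or false when it is missing or too short (callers map
 // that to 0x20000). Field 0 is used as the user name, field 3 as the group.
 function _decodeToken( $token )
 {
  global $handles;

  $array = $handles['encrypt']->DecodeAuthTokenHeavy( $token );
  if( !is_array( $array ) || count( $array ) < 10 ) {
   return false;
  }
  return $array;
 }

 // Open a database connection with the configured credentials.
 function _connect()
 {
  global $handles;
  global $defined;

  return $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
 }

 // Run one statement through ValidateSQL() and the db handler, the way
 // every query in this file did. Returns whatever dbQuery() returns; -1 is
 // the handler's error value.
 function _query( $sql, $dbconn )
 {
  global $handles;

  return $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn );
 }

 // Release a SELECT result handle, skipping the handler's -1 error value.
 // NOTE(review): the original passed an undefined variable (or the SQL text)
 // to dbFreeData(); this assumes it expects a dbQuery() result — confirm.
 function _free( $result )
 {
  global $handles;

  if( $result !== -1 ) {
   $handles['db']->dbFreeData( $result );
  }
 }

 // Per-call housekeeping kept from the original: dbFixTable() on each of
 // $tables, then close the connection. NOTE(review): if dbFixTable() is an
 // OPTIMIZE/REPAIR this is expensive on every request and belongs in a
 // maintenance job; kept so behaviour is unchanged.
 function _cleanup( $dbconn, $tables )
 {
  global $handles;

  foreach( $tables as $table ) {
   $handles['db']->dbFixTable( $table, $dbconn );
  }
  $handles['db']->dbCloseConn( $dbconn );
 }

 // Shared implementation of AddResource() and EditResource(), whose bodies
 // were identical apart from two typos (a missing ")" in Edit's INSERT INTO
 // `resources`, and ".=" on the error code in Add). Ensures `resources`,
 // `resources_groups` and `resources_users` each hold a row for the resource
 // named by $data (stored under its md5), with read=1/write=1 for the
 // token's user ($array[0]) and group ($array[3]): existing rows are
 // refreshed by UPDATE, missing ones created by INSERT.
 // Returns 0x40000 when every statement ran, 0x30000 when any failed
 // (previously only the last statement's outcome was reported).
 function _upsertResource( $array, $data )
 {
  global $handles;

  $dbconn = $this->_connect();
  $hash = md5( $data );
  $user = $array[0];
  $group = $array[3];

  // existence probes, keyed like the write statements below
  $checks = array(
   'resource' => "SELECT * FROM `resources` WHERE `resource` = \"" . $hash . "\" AND `common-name` = \"" . $data . "\"",
   'group' => "SELECT * FROM `resources_groups` WHERE `group` = \"" . $group . "\" AND `resource` = \"" . $hash . "\"",
   'user' => "SELECT * FROM `resources_users` WHERE `user` = \"" . $user . "\" AND `resource` = \"" . $hash . "\"",
  );
  $updates = array(
   'resource' => "UPDATE `resources` SET `common-name` =\"" . $data . "\", `resource` = \"" . $hash . "\", `owner` = \"" . $user . "\" WHERE `common-name` = \"" . $data . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
   'group' => "UPDATE `resources_groups` SET `group` =\"" . $group . "\", `resource` = \"" . $hash . "\", `read` = \"1\", `write` = \"1\" WHERE `group` = \"" . $group . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
   'user' => "UPDATE `resources_users` SET `user` =\"" . $user . "\", `resource` = \"" . $hash . "\", `read` = \"1\", `write` = \"1\" WHERE `user` = \"" . $user . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
  );
  $inserts = array(
   'resource' => "INSERT INTO `resources` ( `resource`, `common-name`, `owner` ) VALUES ( \"" . $hash . "\", \"" . $data . "\", \"" . $user . "\" )",
   'group' => "INSERT INTO `resources_groups` ( `group`, `resource`, `read`, `write` ) VALUES ( \"" . $group . "\", \"" . $hash . "\", \"1\", \"1\" )",
   'user' => "INSERT INTO `resources_users` ( `user`, `resource`, `read`, `write` ) VALUES ( \"" . $user . "\", \"" . $hash . "\", \"1\", \"1\" )",
  );

  $ret = '0x40000';
  $writes = array();
  foreach( $checks as $key => $check ) {
   $result = $this->_query( $check, $dbconn );
   if( $result === -1 ) {
    $ret = '0x30000';
    continue;
   }
   // dbNumRowsAffected() is read after a SELECT here, as in the original;
   // it is assumed to report the number of matched rows — confirm in class.db
   $exists = $handles['db']->dbNumRowsAffected( $dbconn ) > 0;
   $writes[$key] = $exists ? $updates[$key] : $inserts[$key];
   $this->_free( $result );
  }

  foreach( $writes as $stmt ) {
   if( $this->_query( $stmt, $dbconn ) === -1 ) {
    $ret = '0x30000';
   }
  }

  $this->_cleanup( $dbconn, array( 'resources', 'resources_users', 'resources_groups' ) );
  return $ret;
 }

 // handle adding remote application resource object permissions
 // Returns 0x10000 on empty arguments, 0x20000 on a short/invalid token,
 // 0x30000 on a database error, otherwise 0x40000.
 function AddResource( $token, $data )
 {
  if( empty( $token ) || empty( $data ) ) {
   return '0x10000';
  }
  $array = $this->_decodeToken( $token );
  if( $array === false ) {
   return '0x20000';
  }
  return $this->_upsertResource( $array, $data );
 }

 // handle edit remote application resource object permissions
 // Same contract as AddResource(): 0x10000, 0x20000, 0x30000 or 0x40000
 // (see the NOTE on the code table about 0x40000 vs 0x50000).
 function EditResource( $token, $data )
 {
  if( empty( $token ) || empty( $data ) ) {
   return '0x10000';
  }
  $array = $this->_decodeToken( $token );
  if( $array === false ) {
   return '0x20000';
  }
  return $this->_upsertResource( $array, $data );
 }

 // handle deleting remote application resource object permissions
 // Removes the token user's and group's rows for the resource named by
 // $data; the `resources` row itself is removed too unless more than one
 // user/group row (for anyone) still references it. Returns 0x10000 /
 // 0x20000 / 0x30000 as the other entry points do, and 0x40000 on success,
 // including when there was nothing to delete.
 function DeleteResource( $token, $data )
 {
  global $handles;

  if( empty( $token ) || empty( $data ) ) {
   return '0x10000';
  }
  $array = $this->_decodeToken( $token );
  if( $array === false ) {
   return '0x20000';
  }

  $dbconn = $this->_connect();
  $hash = md5( $data );
  $user = $array[0];
  $group = $array[3];
  $ret = '0x40000';

  // how many user/group rows, for any principal, still point at this
  // resource; $num was left undefined before when neither count exceeded one
  $num = 0;
  $counts = array(
   "SELECT * FROM `resources_users` WHERE `resource` = \"" . $hash . "\"",
   "SELECT * FROM `resources_groups` WHERE `resource` = \"" . $hash . "\"",
  );
  foreach( $counts as $stmt ) {
   $result = $this->_query( $stmt, $dbconn );
   if( $result === -1 ) {
    // the original ignored a failed count; report it, but carry on as before
    $ret = '0x30000';
    continue;
   }
   $num = max( $num, (int)$handles['db']->dbNumRowsAffected( $dbconn ) );
   $this->_free( $result );
  }

  // probe order matches the original's delete order: user, group, resource
  $probes = array(
   'user' => "SELECT * FROM `resources_users` WHERE `user` = \"" . $user . "\" AND `resource` = \"" . $hash . "\"",
   'group' => "SELECT * FROM `resources_groups` WHERE `group` = \"" . $group . "\" AND `resource` = \"" . $hash . "\"",
   'resource' => "SELECT * FROM `resources` WHERE `resource` = \"" . $hash . "\" AND `common-name` = \"" . $data . "\"",
  );
  $deletes = array(
   'user' => "DELETE FROM `resources_users` WHERE `user` = \"" . $user . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
   'group' => "DELETE FROM `resources_groups` WHERE `group` = \"" . $group . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
   'resource' => "DELETE FROM `resources` WHERE `common-name` = \"" . $data . "\" AND `resource` = \"" . $hash . "\" LIMIT 1",
  );

  $writes = array();
  foreach( $probes as $key => $probe ) {
   $result = $this->_query( $probe, $dbconn );
   if( $result === -1 ) {
    $ret = '0x30000';
    continue;
   }
   if( $handles['db']->dbNumRowsAffected( $dbconn ) > 0 ) {
    // keep the primary `resources` row while other principals still use it
    if( ( $key !== 'resource' ) || ( $num <= 1 ) ) {
     $writes[$key] = $deletes[$key];
    }
   }
   $this->_free( $result );
  }

  foreach( $writes as $stmt ) {
   if( $this->_query( $stmt, $dbconn ) === -1 ) {
    $ret = '0x30000';
   }
  }

  $this->_cleanup( $dbconn, array( 'resources', 'resources_users', 'resources_groups' ) );
  return $ret;
 }

 // Apply $handles['val']->ValidateXSS() to every scalar leaf of $value,
 // recursing through nested arrays (the result sets are arrays of rows).
 // NOTE(review): assumes ValidateXSS() takes and returns one string, as
 // its intended use as an array_map callback implied — confirm in class.val.
 function _filterXSS( $value )
 {
  global $handles;

  if( is_array( $value ) ) {
   foreach( $value as $k => $v ) {
    $value[$k] = $this->_filterXSS( $v );
   }
   return $value;
  }
  return $handles['val']->ValidateXSS( $value );
 }

 // return a json encoded object list
 // Lists the `resources_users` and `resources_groups` rows visible to the
 // token holder: every row when the token's user or group is "admin",
 // otherwise only the rows for that user and that group. Returns the JSON
 // text, or 0x10000 (empty token), 0x20000 (short/invalid token — both
 // checks are new; the original queried with whatever decoded) or 0x30000
 // (no rows or query failure, as before).
 // NOTE(review): the "admin" decision rests entirely on two fields of the
 // decoded token, so it is only as strong as the token's integrity check.
 function ReturnObjectList( $token )
 {
  global $handles;

  if( empty( $token ) ) {
   return '0x10000';
  }
  $array = $this->_decodeToken( $token );
  if( $array === false ) {
   return '0x20000';
  }
  $username = $array[0];
  $group = $array[3];

  $dbconn = $this->_connect();

  if( ( $username === "admin" ) || ( $group === "admin" ) ) {
   $sql = array(
    'user' => "SELECT * FROM `resources_users`",
    'group' => "SELECT * FROM `resources_groups`",
   );
  } else {
   $sql = array(
    'user' => "SELECT * FROM `resources_users` WHERE `user` = \"" . $username . "\"",
    'group' => "SELECT * FROM `resources_groups` WHERE `group` = \"" . $group . "\"",
   );
  }

  $data = array();
  foreach( $sql as $key => $stmt ) {
   $result = $this->_query( $stmt, $dbconn );
   if( $result === -1 ) {
    continue;
   }
   if( $handles['db']->dbNumRowsAffected( $dbconn ) > 0 ) {
    $data[$key] = $handles['db']->dbArrayResultsAssoc( $result );
   }
   $this->_free( $result );
  }

  if( count( $data ) > 0 ) {
   // The original passed $handles['val']->ValidateXSS — a property read, not
   // a callable — to array_map; with that property unset the callback is
   // null and array_map hands $data back untouched, so no filtering happened.
   $clean = $this->_filterXSS( $data );
   if( function_exists( "json_encode" ) ) {
    $returnData = json_encode( $clean );
   } else {
    $returnData = $handles['misc']->arr2json( $clean );
   }
  } else {
   $returnData = '0x30000';
  }

  $this->_cleanup( $dbconn, array( 'resources', 'resources_users', 'resources_groups' ) );
  return $returnData;
 }

 // log user out
 // SECURITY (review): $token is never used here and nothing is deleted or
 // invalidated — this only runs dbFixTable() over the tables and closes the
 // connection, so a "logged out" token stays exactly as usable as before.
 // Revoking the session needs the `sessions` schema, which is not visible
 // from this file. The original also used $dbconn without ever opening a
 // connection; one is opened and closed here.
 function logout( $token )
 {
  $dbconn = $this->_connect();
  $this->_cleanup( $dbconn, array( 'sessions', 'users', 'resources', 'resources_users', 'resources_groups' ) );
 }

 // Reduce a UserObjectLookup()/GroupObjectLookup() result to two characters
 // "<read><write>": an array of rows yields the bits from the first row's
 // `read`/`write` columns ('00' when both are off), while the strings '00'
 // (no row) and 0x30000 (query error) pass through unchanged.
 function _permBits( $attrs )
 {
  if( !is_array( $attrs ) ) {
   return $attrs;
  }
  $read = ( (int)$attrs[0]['read'] === 1 ) ? '1' : '0';
  $write = ( (int)$attrs[0]['write'] === 1 ) ? '1' : '0';
  return $read . $write;
 }

 // handle lookup remote application resource object permissions
 // Returns 0x10000/0x20000 for bad input, 0x30000 when either lookup hit a
 // database error, otherwise '0x0' + group bits + user bits, e.g. 0x01111
 // for read/write on both and 0x00000 for no access. Previously a row with
 // read=0/write=0, or a lookup error, left $info unset and null came back.
 function LookupPermissions( $token, $data )
 {
  if( empty( $token ) || empty( $data ) ) {
   return '0x10000';
  }
  $array = $this->_decodeToken( $token );
  if( $array === false ) {
   return '0x20000';
  }

  $usrVal = $this->_permBits( $this->UserObjectLookup( $data, $array[0] ) );
  $grpVal = $this->_permBits( $this->GroupObjectLookup( $data, $array[3] ) );
  if( ( $usrVal === '0x30000' ) || ( $grpVal === '0x30000' ) ) {
   return '0x30000';
  }
  return '0x0' . $grpVal . $usrVal;
 }

 // Shared tail of the two *ObjectLookup() helpers: turn a dbQuery() result
 // into the row array, '00' when it holds no rows, or 0x30000 on the -1
 // error value. Uses dbNumRows() on the result, as the originals did.
 function _rowsOrCode( $result )
 {
  global $handles;

  if( $result === -1 ) {
   return '0x30000';
  }
  $rows = ( $handles['db']->dbNumRows( $result ) > 0 ) ? $handles['db']->dbArrayResultsAssoc( $result ) : '00';
  $this->_free( $result );
  return $rows;
 }

 // Fetch the `resources_users` row for $user on the resource named $data.
 // Returns the row array when one exists, '00' when none does, or 0x30000
 // on a query error. The connection this opens is now closed before
 // returning (it was leaked before).
 function UserObjectLookup( $data, $user )
 {
  global $handles;

  $dbconn = $this->_connect();
  $sql = "SELECT * FROM `resources_users` WHERE `user` = \"" . $user . "\" AND `resource` = \"" . md5( $data ) . "\"";
  $userAttrs = $this->_rowsOrCode( $this->_query( $sql, $dbconn ) );
  $handles['db']->dbCloseConn( $dbconn );
  return $userAttrs;
 }

 // Fetch the `resources_groups` row for $group on the resource named
 // $data. Same contract and fix as UserObjectLookup().
 function GroupObjectLookup( $data, $group )
 {
  global $handles;

  $dbconn = $this->_connect();
  $sql = "SELECT * FROM `resources_groups` WHERE `group` = \"" . $group . "\" AND `resource` = \"" . md5( $data ) . "\"";
  $groupAttrs = $this->_rowsOrCode( $this->_query( $sql, $dbconn ) );
  $handles['db']->dbCloseConn( $dbconn );
  return $groupAttrs;
 }
}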
?>